ACL Rule Sets

Access Control List (ACL) Rule Sets are collections of IP Addresses or Geographic Regions ("Geos") that you create to either allow or block their access to a Storage Group.

They serve as an added method of security for non-secure Access Methods (FTP), in that they help to prevent "man-in-the-middle password sniffing."

Protocols that use ACL Rule Sets

Use ACL Rule Sets with FTP and SSH-supported protocols.

Add an ACL Rule Set

  1. If necessary, access the ACL Rule Sets entity.
  2. Click + Add New Rule Set.
  3. In the Rule Set Details options, set the following and click Next to continue.
    1. Access Control Group: These groups (ACGs) define specific access for the active user account. (This includes things such as Alerts, CP Codes and Origin domains.) If your user account has been set up with access to multiple ACGs, ensure the one that offers access to the appropriate Upload Account CP Code is selected.
    2. Rule Set Name: Input the desired name for the ACL Rule Set. It is recommended that you use a unique, easy-to-remember value to allow for easy recognition throughout this interface.
    3. Rule Set Description: (Optional) Input a description for this ACL Rule Set, if desired.
  4. In the Rule Set IPs window, define the following as desired, and click Next to continue:
    1. Deny IPs: IP addresses entered here will be denied access to the applicable Storage Group. (ACL Rule Sets are associated with a specific Upload Account which controls access to the Storage Group.) Input an individual address and click outside the field or press Enter. Click this field again and repeat this process to add additional entries. If desired, click the associated "Bad IP Reports" link to access a separate UI that lists IP Addresses that have unsuccessfully attempted to access the target Storage Group.
    2. Allow IPs: IP addresses/CIDR blocks entered here will be allowed access to the applicable Storage Group. (ACL Rule Sets are associated with a specific Upload Account which controls access to the Storage Group.) Input an individual address and click outside the field or press Enter. Click this field again and repeat this process to add additional entries. If desired, click the associated Good IP Reports link to access a separate UI that lists IP Addresses that have successfully accessed the target Storage Group.
  5. In the Rule Set GEOs window, define the following as desired, and click Next to continue:
    1. Allow/Deny GEOs: Use this functionality to determine if various geographic regions ("GEOs") should be allowed or denied access to the applicable Storage Group. If desired, click "Good GEO Reports" to access a separate UI that lists GEOs that have successfully ("Good") accessed the target Storage Group, or have unsuccessfully attempted access ("Bad").
    2. Location Type: Select the desired GEO location type, an entire Country or an individual Region (currently, the Region selection only supports states within the United States).
    3. List of Locations - Click this field to reveal a list of locations for selection (based on what is set in the Location Type drop-down.
  6. In the Upload Accounts window, locate an applicable Upload Account and click to select it. This should be an account that has been configured with the desired Access Methods, and has been associated with an Upload Directory in the desired Storage Group. Multiple accounts can be selected.
  7. In the Summary window, review the settings applied. If desired, you can click the specific window's numbered entry in the left panel to return it, or click Previous.
  8. When you're satisfied with all settings, click Create.

Associate an ACL Rule Set with an Upload Account

ACL Rule Sets are applied to an upload account, either during its creation, or when editing an existing one. (You use options in the Advanced Settings content panel.)

The ACL Rule Sets functionality for an Upload Account
How to
  1. Click Select Rule Sets.
  2. In the drop-down that is revealed, select the applicable rule set.
  3. To remove a rule set, click the entry's X icon.

View an existing ACL Rule Set

Perform these steps to view an existing ACL Rule Set (but not make edits to it):
  1. Access the ACL Rule Sets entity.
  2. To filter results to the specific rule set, input its ACL Rule Set Name in the Filter field.
  3. Click the entry in the table to open it in Detail View.

Edit an ACL Rule Set

  1. Access the ACL Rule Sets entity.
  2. To filter results to the specific rule set, input its ACL Rule Set Name in the Filter field.
  3. Click the edit icon () in the Actions column.
What you should see

Settings revealed are the same as those used to create an ACL Rule Set.

Note: Remember that an ACL Rule Set can be applied to more than one Upload Account (thereby protecting more than one Storage Group). It is recommended that you view the existing ACL Rule Set before editing it.

Delete an ACL Rule Set

  1. Access the ACL Rule Sets entity.
  2. To filter results to the specific rule set, input its ACL Rule Set Name in the Filter field.
  3. Click the delete icon () in the Actions column.
    Note: Remember that an ACL Rule Set can be applied to more than one Upload Account (thereby protecting more than one Storage Group). It is recommended that you view the existing ACL Rule Set before deleting it.
    1. In the dialog that is launched, click the Yes button to confirm (or No to abort).
What you should see

Deleting an ACL Rule Set will automatically remove it from all Upload Accounts that have it applied.

Remove an ACL Rule Set from an Upload Account

If you have added an ACL Rule Set to a specific upload account and you need to remove it, this is done by editing the account to access the Advanced Settings content panel. Locate the target set in the Select Rule Sets field and click the entry's X icon.

The ACL Rule Set will remain in your library for use. (It will also maintain its associations with any other Upload Accounts.)